SYMBOLCOMMON_NAMEaka. SYNONYMS
elf.unidentified_004 (Back to overview)

Unidentified ELF 004

Actor(s): APT31

Implant used by APT31 on compromised SOHO infrastructure, tries to camouflage as a tool ("unifi-video") related to Ubiquiti UniFi surveillance cameras.

References
2021-11-10SekoiaCyber Threat Intelligence team
Walking on APT31 infrastructure footprints
Rekoobe Unidentified ELF 004 Cobalt Strike

There is no Yara-Signature yet.